Chapter 05: Analyzing Vulnerability Scans Flashcards
This is almost a frame-for-frame recap of the chapter from CySA+
Review that deck for more:
Anything new will be added in the cards below
Rootkits
Hacking tools designed to automate privilege escalation attacks
Arbitrary Code Execution
ACE vulnerabilities allow attackers to run software of their choice on a targeted system
RCE vulnerabilities are an even more dangerous subset of ACE because the attacker can exploit the vulnerability over a network connection without having physical or logical access to the target system
Firmware
Computer code stored in nonvolatile memory on a device where it can survive a reboot
Like any code, it can contain vulnerabilities
Presents a unique opportunity for pentesters because firmware often remains unpatched
Pentesters can use a firmware vulnerability in a nonstandard computing device to gain a foothold on a network and then pivot to other systems
Spectre and Meltdown
Two hardware vulnerabilities in almost every microprocessor manufactured during the last two decades (pre-2017)
The vulnerabilities exploit a feature of the chips known as speculative execution to allow processes to gain access to information reserved for other processes
Detecting Hardware Vulnerabilities
Often requires the use of credentialed vulnerability scans, configuration management tools, or other approaches that leverage inside access to the system
Point of Sale Vulnerabilities
POS systems in retail stores, restaurants, hotels, etc. are lucrative targets for attackers and pentesters alike
The systems store, process, and transmit credit card information
Typically they run either standard or specialized versions of common operating systems, many of them variants of MS Windows
They require the same level of patching and security controls as any other Windows system and are subject to the same security vulnerabilities as those devices
POS systems must comply with PCI-DSS